{% if repo_type == 'yara' %}
# YARA Local Custom Rules Repository

This folder has already been initialized as a git repo 
and your Security Onion grid is configured to import any YARA rule files found here. 

Just add your rule file and commit it.

For example:

** Note: If this is your first time making changes to this repo, you may run into the following error:

fatal: detected dubious ownership in repository at '/nsm/rules/custom-local-repos/local-yara'
To add an exception for this directory, call:
	git config --global --add safe.directory /nsm/rules/custom-local-repos/local-yara

This means that the user you are running commands as does not match the user that is used for this git repo (socore).
You will need to make sure your rule files are accessible to the socore user, so either su to socore 
or add the exception and then chown the rule files later.

Also, you will be asked to set some configuration:
```
Author identity unknown
*** Please tell me who you are.
Run
  git config --global user.email "you@example.com"
  git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
```

Run these commands, ommitting the `--global`.

With that out of the way:

First, create the rule file with a .yar extension:
`vi my_custom_rule.yar`

Next, use git to stage the new rule to be committed:
`git add my_custom_rule.yar`

Finally, commit it:
`git commit -m "Initial commit of my_custom_rule.yar"`

The next time the Strelka / YARA engine syncs, the new rule should be imported
If there are errors, review the sync log to troubleshoot further.

{% elif repo_type == 'sigma' %}
# Sigma Local Custom Rules Repository

This folder has already been initialized as a git repo 
and your Security Onion grid is configured to import any Sigma rule files found here. 

Just add your rule file and commit it.

For example:

** Note: If this is your first time making changes to this repo, you may run into the following error:

fatal: detected dubious ownership in repository at '/nsm/rules/custom-local-repos/local-sigma'
To add an exception for this directory, call:
	git config --global --add safe.directory /nsm/rules/custom-local-repos/local-sigma

This means that the user you are running commands as does not match the user that is used for this git repo (socore).
You will need to make sure your rule files are accessible to the socore user, so either su to socore 
or add the exception and then chown the rule files later.

Also, you will be asked to set some configuration:
```
Author identity unknown
*** Please tell me who you are.
Run
  git config --global user.email "you@example.com"
  git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
```

Run these commands, ommitting the `--global`.

With that out of the way:

First, create the rule file with a .yml or .yaml extension:
`vi my_custom_rule.yml`

Next, use git to stage the new rule to be committed:
`git add my_custom_rule.yml`

Finally, commit it:
`git commit -m "Initial commit of my_custom_rule.yml"`

The next time the Elastalert / Sigma engine syncs, the new rule should be imported
If there are errors, review the sync log to troubleshoot further.
{% endif %}